Re: [kitten] Replacing Kerberos

Simo Sorce <simo@redhat.com> Tue, 28 February 2023 20:13 UTC

Message-ID: <cdfe1552f1b6c6063a81af026e96c21aee132e25.camel@redhat.com>
From: Simo Sorce <simo@redhat.com>
To: Erin Shepherd <erin.shepherd@e43.eu>, Nico Williams <nico@cryptonector.com>
Cc: "kitten@ietf.org" <kitten@ietf.org>
Date: Tue, 28 Feb 2023 15:13:45 -0500
In-Reply-To: <3254E2DC-A6A8-4071-B3EB-BBD73056547C@e43.eu>
References: <MW4PR21MB1970A9D254B943A1763C55FF9CA09@MW4PR21MB1970.namprd21.prod.outlook.com> <de4cbe7b-85b5-7001-3a8c-74787990c6e0@secure-endpoints.com> <eb9fa7a4-a00d-f388-27aa-3624df8ce4f2@secure-endpoints.com> <MW4PR21MB197060FB388E7922FAADEB079CA19@MW4PR21MB1970.namprd21.prod.outlook.com> <Y/GFY3wTO+TBg638@gmail.com> <134D46FA-1E2A-4DB0-9B8D-6897136972CA@e43.eu> <Y/fNaFUq3YMjhahD@gmail.com> <3254E2DC-A6A8-4071-B3EB-BBD73056547C@e43.eu>
Organization: Red Hat
Archived-At: <https://mailarchive.ietf.org/arch/msg/kitten/OzZKa4glGp2UyipwcDC4oLLTaxA>
Subject: Re: [kitten] Replacing Kerberos
List-Id: Common Authentication Technologies - Next Generation <kitten.ietf.org>

On Mon, 2023-02-27 at 01:29 +0100, Erin Shepherd wrote:
> One thing I would really like, as an aside, is a proxy mech which
> allows delegating all the context establishment business to an
> external process but just returns the master keys to the caller.

If this is not 100% what you want, it is very close:
https://github.com/gssapi/gssproxy

Simo.

-- 
Simo Sorce
RHEL Crypto Team
Red Hat, Inc